Tag: docker

I spend a large amount of my time helping clients implement Rancher successfully. As Rancher is involved in just about every vertical, I come across a large number of different infrastructure configurations, including (but not limited to!) air-gapped, proxied, SSL, HA Rancher Server, and non-HA Rancher Server. Read more

I just came back from DockerCon EU. I have not met a more friendly and helpful group of people than the users, vendors, and Docker employees at DockerCon. It was a well-organized event and a fun experience.

I went into the event with some questions about where Docker was headed. Solomon Hykes addressed these questions in his keynote, which was the highlight of the entire show. Docker embracing Kubernetes is clearly the single biggest piece of news coming out of DockerCon.Read more

You can run Docker containers on Windows as well as Linux. Although, in many ways, Docker works similarly on these operating systems, there are some differences. Below, I walk through the steps of installing and running Docker on Windows, and point out how they are similar to and different from running Docker on Linux.

Installing Docker on Windows and Linux

Let’s start with installation. The Docker installation process is different on both operating systems. Read more

For teams building and deploying containerized applications using Docker, selecting the right orchestration engine can be a challenge. The decision affects not only deployment and management, but how applications are architected as well. DevOps teams need to think about details like how data is persisted, how containerized services communicate with one another, load balancing, service discovery, packaging and more. It turns out that the choice of orchestration engine is critical to all these areas.

While Rancher has the nice property that it can support multiple orchestration engines concurrently, choosing the right solution is still important. Rather than attempting to boil the ocean by looking at many orchestrators, we chose to look at two likely to be on the short list for most organizations – Kubernetes and Docker Swarm. Read more

Container security was initially a big obstacle to many organizations in adopting Docker. However, that has changed over the past year, as many open source projects, startups, cloud vendors, and even Docker itself have stepped up to the challenge by creating new solutions for hardening Docker environments. Today, there is a wide range of security tools that cater to every aspect of the container lifecycle.

Docker security tools fall into these categories:

Kernel security tools: These tools have their origins in the work of the open source Linux community. They have been inherited by container systems like Docker as foundational security tools at the kernel level.

Image scanning tools: Docker Hub is the most popular container registry, but there are many others, too. Most registries now have solutions for scanning container images for known vulnerabilities.

Orchestration security tools: Kubernetes and Docker Swarm are the two most popular orchestrators, and their security features have been gaining strength over the past year.

Network security tools: In a distributed system powered by containers, the network is more important than ever. Policy-based network security is gaining prominence over perimeter-based firewalls.

Security benchmark tools: The Center for Internet Security (CIS) has provided guidelines for container security, which have been adopted by Docker Bench and similar benchmark security tools.

Security with CaaS platforms: AWS ECS, GKE and other CaaS platforms build on the security features of their parent IaaS platform, and then add container-specific features or borrow security features from Docker or Kubernetes.

Purpose-built container security tools: This is the most advanced option for container security. In it, machine learning takes center stage as these tools look to build an intelligent solution to container security.

Here’s a cheatsheet of Docker security tools available as of mid-2017. It’s organized according to which part of the Docker stack the tool secures.

For any team using containers – whether in development, test, or production – an enterprise-grade registry is a non-negotiable requirement. JFrog Artifactory is much beloved by Java developers, and it’s easy to use as a Docker registry as well. To make it even easier, we’ve put together a short walkthrough to setting things up Artifactory in Rancher.

Before you start

For this article, we’ve assumed that you already have a Rancher installation up and running (if not, check out our Quick Start guide), and will be working with either Artifactory Pro or Artifactory Enterprise.

Choosing the right version of Artifactory depends on your development needs. If your main development needs include building with Maven package types, then Artifactory open source may be suitable. However, if you build using Docker, Chef Cookbooks, NuGet, PyPI, RubyGems, and other package formats then you’ll want to consider Artifactory Pro. Moreover, if you have a globally distributed development team with HA and DR needs, you’ll want to consider Artifactory Enterprise. JFrog provides a detailed matrix with the differences between the versions of Artifactory.

There’s several values you’ll need to select in order to set Artifactory up as a Docker registry, such as a public name, or public port. In this article, we refer to them as variables; just substitute the values you choose in for the variables throughout this post.

To deploy Artifactory, you’ll first need to create (or already) have a wildcard imported into Rancher for “*.$public_name”. You’ll also need to create DNS entries to the IP address for artifactory-lb, the load balancer for the Artifactory high availability architecture. Artifactory will be reached via $publish_schema://$public_name:$public_port, while the Docker registry will be reachable at $publish_schema://$docker_repo_name.$public_name:$public_port